Aircraft Solutions is a recognized leader in the design and fabrication of component products and services for companies in the electronics, commercial, defense, and aerospace industries. Based in Southern California, Aircraft Solutions has an excellent record of service and employees who are dedicated to providing high-quality customer service. The company's workforce has a large skill base: design engineers, programmers, machinists, and assembly personnel who work in its enormous production plant and across various segments of the industry. This assessment investigates weaknesses in the operation of Aircraft Solutions' business processes. Along with identifying vulnerabilities, it presents an analysis of the related threats, concerns and risks.
Vulnerability Assessment
After reviewing three relevant areas (hardware, software and policy), Aircraft Solutions needs to pay special attention to its hardware and policy-related processes. The Defense Division is routed through Headquarters; the Commercial Division, however, is directly connected to the Internet, and no firewall has been set up. This is a concern for Aircraft Solutions. A policy vulnerability that has been noticed is the rule that states "routers and firewalls rule-sets would be evaluated once in every two years". With technology changing so often, security threats from Internet hackers arise on an everyday basis. Two years is an impractically long time span for a company that wants to ensure its security measures are up to date. These weaknesses are detailed in the sections below:
Hardware Vulnerability
Aircraft Solutions' Commercial Division connects to the rest of the world via the Internet. The absence of the security and safety controls that should be implemented creates hardware vulnerabilities and leaves great concern for major security threats. The Commercial Division accesses important data (budgets, shareholder information, contracts, etc.) over the World Wide Web with no firewall in place to filter web traffic. This drawback maximizes environmental threats: the lack of a firewall exposes the network to external attacks and to malicious content, which can easily be sent over the Internet. According to the National Institute of Standards and Technology, to determine the likelihood of a future adverse event, threats to an IT system must be analyzed in conjunction with the potential vulnerabilities and the controls in place for the IT system. To measure risk, a risk scale and a risk-level matrix must be developed.
Table 1 - Risk-Level Matrix

| Threat Likelihood | Impact: Low (10) | Impact: Medium (50) | Impact: High (100) |
|---|---|---|---|
| High (1.0) | Low: 10 x 1.0 = 10 | Medium: 50 x 1.0 = 50 | High: 100 x 1.0 = 100 |
| Medium (0.5) | Low: 10 x 0.5 = 5 | Medium: 50 x 0.5 = 25 | Medium: 100 x 0.5 = 50 |
| Low (0.1) | Low: 10 x 0.1 = 1 | Low: 50 x 0.1 = 5 | Low: 100 x 0.1 = 10 |

Risk Scale: High (>50 to 100); Medium (>10 to 50); Low (1 to 10)
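The scoring behind Table 1, as an added example that is not part of the original essay: it rebuilds the matrix from the two scales, applies the Risk Scale with its boundaries (a score of exactly 50 is Medium, exactly 10 is Low), and ranks a small register. The register entries and their likelihood and impact ratings are illustrative assumptions, not ratings given in the essay.

```python
# Added example: likelihood x impact scoring per Table 1 and its Risk Scale.
# Likelihood weights are kept in tenths so boundary scores (10, 50) stay exact.
LIKELIHOOD_TENTHS = {"High": 10, "Medium": 5, "Low": 1}   # 1.0, 0.5, 0.1
IMPACT = {"Low": 10, "Medium": 50, "High": 100}


def risk_level(score):
    """Apply the Risk Scale: High (>50 to 100), Medium (>10 to 50), Low (1 to 10)."""
    if not 1 <= score <= 100:
        raise ValueError(f"score {score} is outside the 1-100 scale")
    if score > 50:
        return "High"
    if score > 10:
        return "Medium"
    return "Low"


def score(likelihood, impact):
    """Return (numeric score, risk level) for one likelihood/impact pair."""
    value = LIKELIHOOD_TENTHS[likelihood] * IMPACT[impact] / 10
    return value, risk_level(value)


def risk_matrix():
    """Rebuild every cell of Table 1 from the two scales."""
    return {(lik, imp): score(lik, imp)
            for lik in LIKELIHOOD_TENTHS for imp in IMPACT}


# Constructed register: the ratings below are illustrative assumptions,
# not assessments made in the essay.
FINDINGS = [
    ("Rule-sets evaluated once every two years", "Medium", "High"),
    ("Commercial Division on the Internet without a firewall", "High", "High"),
    ("Hypothetical low-priority finding", "Low", "Medium"),
]


def prioritise(findings):
    """Score each finding and list the highest risk first."""
    rows = [(name, *score(lik, imp)) for name, lik, imp in findings]
    return sorted(rows, key=lambda row: row[1], reverse=True)


if __name__ == "__main__":
    for name, value, level in prioritise(FINDINGS):
        print(f"{level:<6} {value:>5.1f}  {name}")
```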
Policy Vulnerability
The company has stated that the current security policy rules for routers and firewalls will be re-analyzed every two years. This needs to be revised, because security threats arise and hackers attempt to break in every day. Vendors can provide regular monitoring and ensure that patches are current and have been disseminated to protect against external threats and attacks. Aircraft Solutions has not determined a definitive policy on how and when to upgrade equipment and modify business processes. As with any business, company policies change in reaction to business-related factors such as sales fluctuations, changes in the economy, or other environmental factors that affect the company's infrastructure, and it is an intrinsic requirement that the security rule-sets for firewalls and routers be updated and modified along with them. Using the same rules over and over is risky and could lead to various levels of hacking and security breaches. In the worst-case scenario, if Aircraft Solutions decides to keep its policies the way they are, it would take just a couple of disgruntled employees to spread malicious content through unexpired access permissions, or to provide that information to people with malicious intent, and see the company destroyed. This could lead to legal problems and monetary loss, while damaging the company's goodwill and public image in a very big way.
Reference
Goguen, A., Feringa, A., & Stoneburner, G. (2002). Risk Management Guide for Information Technology Systems: Recommendations of the National Institute of Standards and Technology.